1. Field of the Invention
This invention relates to a method and system for improving security of operating systems in computing systems running sandboxes.
2. Description of the Related Art
One of the problems of modern operating system development is dealing with third-party device drivers. Typically, an operating system vendor, such as Microsoft, the developer of MS WINDOWS, or any of the various providers of LINUX, has to allow third-party vendors to incorporate, or import, their drivers into the operating system kernel address space. Quite often, the quality of the code of these drivers is rather uneven. With the proliferation of hardware vendors (video cards, Wi-Fi cards, digital cameras, mobile phones, etc.), the number of device drivers increases as well, while the skill set of the developers of these drivers is often mediocre.
The problem arises in that the operating system kernel address space is monolithic. Therefore, the operating system kernel has no realistic choice other than to locate the device driver within the same operating system kernel space as the rest of the OS kernel code. Thus, any errors, mistakes, bugs, etc. in the driver itself can crash the computer system, can “hang it up,” or can result in other errors, such as attempts to access a memory location that should not be accessed, or one that does not exist, resulting in an exception or an interrupt. The operating system vendor nonetheless has no realistic choice, since placing the driver in user space means that the overhead penalty would be unacceptable.
One of the conventional approaches to dealing with this problem is exemplified by the XEN approach, in which a service operating system, or a number of service operating systems, is launched in a Virtual Machine environment. In this approach, one Virtual Machine can be assigned to one driver, which provides some measure of fault isolation. However, the XEN approach has not become popular in the industry, in part because of the complexity of administration and support, and in part because each XEN Virtual Machine/domain has its own full-fledged operating system, which limits the potential for scalability.
INTEL® Virtualization Technology provides for running multiple “virtual” systems, e.g., multiple operating systems on a single hardware platform. This technology is hardware supported and provides hardware enhancements built into Intel's server platforms.
Another conventional approach goes back to the 1980s and involves the use of microkernels. Some examples of microkernels are the GNU Hurd project, the Mach operating system kernel, and others known in the art. In essence, true microkernels divide the monolithic kernel address space into several address spaces. This is a workable approach in theory; in practice, however, modern hardware processor architectures do not directly support an efficient non-monolithic kernel address space. Therefore, as a practical matter, the true microkernel approach is more of a theoretical interest than a practical, commercially realized idea.